This topic summarizes the firewall rules required for migration with vMotion, both in your on-premises and cloud data centers.
VMware Cloud on AWS Firewall Rules for vMotion
Ensure that the following firewall rules are configured in the VMware Cloud Console.
| Rule | Source | Destination | Service |
|---|---|---|---|
| Provide access to vCenter from on-premises. Used for general vSphere Client access as well as for monitoring vCenter. | remote (on-premises) vSphere Client IP address | vCenter | HTTPS |
| Allow outbound vCenter access to on-premises vCenter. | vCenter | remote (on-premises) vCenter IP address | Any (All Traffic) |
| Allow SSO to vCenter. | remote (on-premises) Platform Services Controller IP address | vCenter | SSO (TCP 7444) |
| ESXi NFC traffic. | remote (on-premises) ESXi VMkernel networks used for NFC | ESXi | Provisioning (TCP 902) |
| Allow outbound ESXi access to on-premises. | ESXi | remote (on-premises) ESXi management VMkernel networks | Any (All Traffic) |
| Allow vMotion traffic. | remote (on-premises) ESXi vMotion VMkernel networks | ESXi | vMotion (TCP 8000) |
On-Premises Firewall Rules for vMotion
Ensure that the following firewall rules are configured in your on-premises firewall.
| Rule | Action | Source | Destination | Service | Port |
|---|---|---|---|---|---|
| On-premises to vCenter | Allow | remote (on-premises) vSphere Client subnet | VMware Cloud on AWS vCenter IP address | HTTPS | 443 |
| Remote to ESXi provisioning | Allow | remote (on-premises) subnet | | TCP 902 | 902 |
| Cloud SDDC to on-premises vCenter | Allow | CIDR block for cloud SDDC management network | On-premises vCenter, PSC, Active Directory subnet | HTTPS | 443 |
| Cloud SDDC to ESXi Remote Console | Allow | CIDR block for cloud SDDC management network | VMware Cloud on AWS vCenter IP address | | |
| Cloud SDDC to Remote LDAP | Allow | CIDR block for cloud SDDC management network | Remote LDAP Server | TCP | 389, 636 |
| Cloud SDDC to ESXi vMotion | Allow | CIDR block for cloud SDDC management network | Remote ESXi host subnet | TCP | 8000 |
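As an added example (not VMware's own tooling), a pre-migration check of the flows in the two tables above that are initiated on the on-premises side toward the SDDC: it attempts a TCP connect to each required destination port and lists the rules whose traffic does not get through. The addresses in SAMPLE_TARGETS are constructed placeholders; flows initiated from the cloud SDDC side (the rows sourced from the SDDC management CIDR) must be verified from that side and are not covered here.

```python
"""Check that the on-premises -> VMware Cloud on AWS rules from the tables above let traffic through.

Added example, not VMware's own tooling. Run it from the on-premises network that will
originate the vMotion (the vSphere Client / PSC / ESXi side). SAMPLE_TARGETS holds
constructed placeholder addresses; replace them with the real SDDC vCenter and ESXi IPs.
"""
import socket
from typing import Dict, List, Optional, Tuple

# (rule name, destination role, TCP port) for every on-premises-initiated rule on this page.
REQUIRED_RULES: List[Tuple[str, str, int]] = [
    ("On-premises to vCenter (HTTPS)", "sddc_vcenter", 443),
    ("Allow SSO to vCenter (TCP 7444)", "sddc_vcenter", 7444),
    ("Remote to ESXi provisioning / NFC (TCP 902)", "sddc_esxi", 902),
    ("Allow vMotion traffic (TCP 8000)", "sddc_esxi", 8000),
]

# Constructed placeholders, NOT real SDDC addresses.
SAMPLE_TARGETS: Dict[str, str] = {
    "sddc_vcenter": "192.0.2.10",   # documentation range (RFC 5737)
    "sddc_esxi": "192.0.2.20",
}


def tcp_reachable(host: str, port: int, timeout: float = 3.0) -> bool:
    """True if a TCP handshake to host:port completes within timeout; False on refusal,
    timeout or resolution failure (all of which a blocked firewall rule can produce)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def check_rules(targets: Dict[str, str],
                rules: Optional[List[Tuple[str, str, int]]] = None,
                timeout: float = 3.0) -> Dict[str, bool]:
    """Map each rule name to whether its destination port answers a TCP connect.
    A rule whose destination role has no address in `targets` counts as not verified."""
    results: Dict[str, bool] = {}
    for name, role, port in (rules if rules is not None else REQUIRED_RULES):
        host = targets.get(role)
        results[name] = host is not None and tcp_reachable(host, port, timeout)
    return results


def blocked_rules(results: Dict[str, bool]) -> List[str]:
    """Names of the rules whose traffic did not get through, sorted for stable reporting."""
    return sorted(name for name, ok in results.items() if not ok)


if __name__ == "__main__":
    for rule in blocked_rules(check_rules(SAMPLE_TARGETS)):
        print("BLOCKED:", rule)
```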